CVE-2010-4334

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

Date published : 2011-01-13

http://www.securityfocus.com/bid/45189

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058